Securing web browser communication

The default BMC AMI Cloud installation procedure provides a self-signed web certificate. This certificate encrypts the web traffic passing between your browser and the BMC AMI Cloud management server.

This topic describes how to replace the default certificate for the BMC AMI Cloud server web UI.

Perform the following procedure to replace the BMC AMI Cloud self-signed web certificate. Contact your security administrator to make sure the site's standard security policy is met.

1. Create a personal certificate request and a private/public key pair for the management server.
2. Sign the personal certificate with your site's standard certificate authority (CA).
3. Import the personal certificate with its chain and private/public key pair into a PKCS12 file. Make sure to specify the file's password and the alias of the certificate within the p12 file.
4. Copy the PKCS12 file using binary mode into $MODEL9_HOME/keys/pkcs12_file.p12.

5. Update the keystoreFile, keystorePass and keyAlias settings in the server configuration file by editing the $MODEL9_HOME/conf/connectorHttpsModel9.xml file, as shown in the following example:

   <Connector
       port="443"
       protocol="org.apache.coyote.http11.Http11NioProtocol"
       maxThreads="150"
       SSLEnabled="true"
       keystoreFile="/model9/keys/pkcs12_file.p12"
       keystoreType="PKCS12"
       keystorePass="keystorePass"
       clientAuth="false"
       sslProtocol="TLS"
       keyAlias="keyAlias"
       secure="true"
   />